Sure — as a security-minded website owner you’re probably already using a VPN to protect your privacy, managing app permissions to protect your phone, making sure your browser is blocking third party trackers, and enforcing strong passwords for all of your databases and user accounts. But personal security extends well beyond the scope of protecting… Continue reading What is a Scam?
Category: Security Education
Автоматически добавленное в WPeMatico
Analysis of the Massive NDSW/NDSX Malware Campaign
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their writeup belonged to the campaign we internally refer to as “ndsw/ndsx” malware. We’ve been tracking… Continue reading Analysis of the Massive NDSW/NDSX Malware Campaign
Vulnerability & Patch Round-up — May 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled a list of some important security updates and vulnerability patches for the WordPress ecosystem for May, 2022. Critical Privilege Escalation Vulnerability in Jupiter and JupiterX… Continue reading Vulnerability & Patch Round-up — May 2022
Top Ten Most Cumbersome Website Infections to Remove in 2021
In today’s post we’re going to be going over the top ten most cumbersome website infections to remove, based on the sheer number of files or database entries that they infected on compromised client sites during 2021. Some website malware infections are quite surgical and affect only a small number of files. This is particularly… Continue reading Top Ten Most Cumbersome Website Infections to Remove in 2021
Analyzing a WooCommerce Credit Card Skimmer
The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection. During a recent investigation for an infected WordPress website, we discovered an obfuscated credit card stealer hiding amongst the website’s theme… Continue reading Analyzing a WooCommerce Credit Card Skimmer
X-Cart Skimmer with DOM-based Obfuscation
Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side. X-Cart’s e-commerce platform is not nearly as popular as Magento or WooCommerce and as a result we don’t see as many threat actors targeting it. While… Continue reading X-Cart Skimmer with DOM-based Obfuscation
Examining Emerging Backdoors
Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a “foot in the door” to execute their payload. We see… Continue reading Examining Emerging Backdoors
Manually Identifying an X-Cart Credit Card Skimmer
During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento… Continue reading Manually Identifying an X-Cart Credit Card Skimmer
Hacked Website Threat Report 2021
Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research… Continue reading Hacked Website Threat Report 2021
Vulnerability Roundup – April 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this… Continue reading Vulnerability Roundup – April 2022